referral spam from random wordpress blogs (87 posts)

  1. dualravens
    Starting today I've begun getting seeming referral spam from random wordpress blogs. In my stats page they show up as links to my site but invariably are from archived posts six months or older from random blogs that have nothing to do with linking my site.

    I've done a fine job with keeping up with the various types of referral and comment spam, but this seems peculiar and I'm not sure how to respond to it.

    At this point it's just a bother... but I'd love to get on top of this before I start getting massive amounts of what seems to be referral spam but isn't pointing at malicious or ad sites.

  2. whooami
    i got an interesting hit like that in my logs today. was one of them a christian web site by chance???

    In fact, now that I've looked I have 3 referers, none of which have ANY link to me on their site, AND all the blogs are running wordpress ... version check from the header is next.

    http://obfuscated.net/index.php?p=230 is in my referers ... NO link, it's an old post, and they're running 1.2

    http://www.timesandseasons.org/wp-comments-popup.php?p=1895&c=1 is in my referers, it's an old post, and I have no clue what version but it's definitely WP.

    the 3rd one links to me :))) At least I was wrong in a good way

  3. It's easy for spam bots to spoof referrers. My guess is that as they swim through WP blogs, posting spam comments and trackbacks, they take with them a URL from the blog they last visited and use it as a referrer when accessing your site. This would help them bypass the popular technique of blocking a list of known spam referrers with .htaccess.

    For example, I always block a list of spam referrer URLs via .htaccess, but I can't (nor do I want to) block all referrers. So, using referrer spoofing, the bot finishes its spam posting at http://obfuscated.net/index.php?p=230, and uses http://obfuscated.net/index.php?p=230 as its referrer when entering my site. This allows it to bypass my blocked list of spam referrers.

    I highly recommend enabling this plugin: http://www.ioerror.us/software/bad-behavior/

    It will be a long time before you notice any spam bot activity after activating it.
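The bypass described in the post above can be spotted in an access log, shown here as an added example that is not part of the thread or of any plugin mentioned in it. It flags external referrers that pass a host blocklist but come from clients that never fetched a stylesheet, script or image. The host names, the blocklist and the log lines are constructed, and the "no static assets" heuristic is an assumption, not a rule taken from the posts.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

MY_HOST = "myblog.example"        # assumption: the site being protected
BLOCKED = {"spam-pills.example"}  # assumption: hosts already denied via .htaccess
ASSET = re.compile(r"\.(css|js|png|gif|jpe?g|ico)(\?|$)", re.I)
LINE = re.compile(                # Apache "combined" log format
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<ref>[^"]*)" "[^"]*"$')

# Constructed sample log, not taken from the thread.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jun/2005:10:00:01 +0000] "GET / HTTP/1.0" 200 5120 "http://oldblog.example/index.php?p=230" "Mozilla/4.0"
203.0.113.9 - - [01/Jun/2005:10:02:00 +0000] "GET /?p=12 HTTP/1.1" 200 7300 "http://friend.example/?p=88" "Mozilla/5.0"
203.0.113.9 - - [01/Jun/2005:10:02:01 +0000] "GET /wp-content/themes/default/style.css HTTP/1.1" 200 900 "http://myblog.example/?p=12" "Mozilla/5.0"
198.51.100.8 - - [01/Jun/2005:10:03:00 +0000] "GET / HTTP/1.0" 403 200 "http://spam-pills.example/" "Mozilla/4.0"
"""

def suspicious_referrers(log_text):
    """Return {referrer: [client IPs]} for hits that pass the blocklist
    but come from clients that requested no static assets."""
    fetched_assets = set()   # IPs that loaded at least one css/js/image
    external_hits = []       # (ip, referrer) for page hits with an external referrer
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue         # skip lines that are not in combined format
        if ASSET.search(m["path"]):
            fetched_assets.add(m["ip"])
            continue
        host = (urlparse(m["ref"]).hostname or "").lower()
        # A blocklist only stops known hosts; anything else gets through.
        if host and host != MY_HOST and host not in BLOCKED:
            external_hits.append((m["ip"], m["ref"]))
    flagged = defaultdict(list)
    for ip, ref in external_hits:
        if ip not in fetched_assets:   # a browser would have loaded the theme
            flagged[ref].append(ip)
    return dict(flagged)

if __name__ == "__main__":
    for ref, ips in suspicious_referrers(SAMPLE_LOG).items():
        print(ref, ips)
```

A flagged referrer is only a candidate: text-mode browsers and some feed readers also skip static assets, so check the referring page for an actual link before treating the hit as spoofed.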

  4. whooami
    nm. I won't bother.

  5. What the fuck, Whooami? Honestly, what the fuck is your problem.

  6. dss
    I'm not.

    This was totally interesting to me, and makes a great case for using something like "badbehavior"

    call me Pollyanna for being a cheer leader, that's fine. I look even cuter in a pleated dress and braids.

    referral spam is a huge issue right now in terms of php performance, page load times, spam reporting, blacklisting, and all kinds of serious background BS that is of (or really better be of) serious interest to all WP users...

    keep up the good work bro!


  7. whooami
    I edited my post because I didn't want to get into a back and forth about plugins.

    "What the fuck, Whooami? Honestly, what the fuck is your problem."

    I'll let you moderate yourself. However if you must know, it's that same ole' "lock step" answer (get this plugin) most "gurus" on here like to toss out. I don't use any plugins, macmanx, and guess what, until today, I hadn't seen ANY spam in at least 4 months. Not one.

    As for your suggestion about it being a bot, that's a possibility, however it's a very new possibility for me, and I find the timing coincidental at the very least. There is a spam posting on one of those pages, however there aren't any on the other one.

    That's all, nothing less, nothing more.

    PS: Work on those people skills macmanx, I didn't disrespect you in my reply.

  8. jennmiller
    I really have to agree about "Bad Behavior" (which is the best "blocker" I've seen). I've been using it for about a month now and I've seen a huge (and positive) difference. Give it a whirl ;)

  9. dss
    jennmiller rocks!

  10. jennmiller
    No plugins?!? I think I'd die without my 25+plugins (or maybe get a life....) I don't know anything about .htaccess or php or anything computer-related, really. I have to rely on the "quick and easy" method of plugins/hacks (or mods as I think they are now known). It's just a fun thing for me, trying out new things with my site. I don't think there's anything wrong with plugins, but if you have the knowledge to make a site without them, that's great too.

    And thank you, dss. You're spiffy, too ;)

  11. However if you must know, its that same ole' "lock step" answer (get this plugin) most "gurus" on here like to toss out.

    Really? Is that it? I really am sorry that I tried to help. From now on, I have a new answer. "Go figure it out and find a solution yourself, Asshole."

  12. Mark (podz)
    Support Maven
    macmanx is correct - I've just read a couple of blogs on this new technique. It's just like the spam battle - drdave writes RK, io_error writes BB and the spammers up their game too.

  13. whooami
    nonononono, I use plugins, jen .. just NO spam plugins. it's all in the htaccess. that's WHY io-error's plugin works so well. If I were to use one, it would be that one, for sure. Thing is though I wrote a little page that lets me edit it if and when I need to, which isn't very often these days.

    macmanx, you were replying to the original poster, not me.. I didn't ask for help, in truth, which is why I edited my post, and which you seem to think gives you the right to act like a jerk. Since when are you above the rules of this forum?

    I clearly hope you don't deal with all the people that irritate in such a manner. I assure you not everyone is going to agree with what you say, or how you say it.

  14. its all in the htaccess. thats WHY io-error's plugin works so well.

    Just for a quick correction, Bad Behavior (ioerror's plugin), never uses (nor does it ever touch) .htaccess.

  15. jennmiller
    Oh, oops, I didn't mean to imply that it did...I have no idea how it works, just that it does *g*.

  16. I'm sorry, Jennmiller, I wasn't correcting you. I was correcting the Asshole (Whooami).

    Asshole (Whooami), go sudo rm / yourself.

  17. neon
    1. even though my blogs are infants by blog years, I installed bad-behavior as soon as I ran across it. That, wp-contact and weather-icon are the only three plugins I use.

    2. My view of someone here has totally changed just now

  18. dualravens
    What did I start?!

    Thanks for the explanation macmanx.

    I'm a 'whatever' kind of guy... when it comes to blogs at least, so have been playing around with .htaccess and assorted plug-ins. My comment spam has been mostly taken care of but this one confused me. Why would it just be starting doing this? Or am I just noticing such on my blog?

    Thanks again everyone for the rousing conversation about this. I didn't know there was a no plug-in purity ideal... now I have to think about that and try to somehow wrangle my page into some kind of standards.

    Ah, I yearn for the days when a regular guy like me can just post a thought or two without the evil of spammers mucking up my time.

  19. dualravens
    Oh, and I have about four or five of these links now, all have very different layouts, and only one has visible referrer spam (linking to a new spam site I began getting yesterday). I realized quickly they could care less about me, and thought I'd find some connection. But it seems totally random making me think there's something curious going on with WP.

    I updated to the newest version yesterday and this stuff started showing up. It may not be a WP thing at all, but it sure seems like it.

  20. whooami
    My reasons for abstaining from any spam plugins (except that aforementioned captcha that's gone now) wasn't out of a sense of purity. :) I learned how to deal with spam the old fashioned way, and having had a lot of success, and NO added headaches (there are plenty of headache posts on here), have continued on doing so the old way.

    Thankfully, I'm not alone, in fact, I'm in pretty good company:

    If you're interested in everything I've done:

    1. hardened .htaccess that also blocks the pinapple proxy and ALL .info and .biz tlds.
    2. renamed comments-post.php or whatever that file was originally called
    3. renamed wp-trackback.php
    4. the page that actually posts a comment is only accessible via my domain (prevents remote access via a script)

    that's it, and honestly, save the 2 spam I saw this morning, and didn't mention until after I saw your post here, I have gotten no spam.

    Added: it could be argued that my usage of the word, "prevents" is a mis-speak. Obviously, nothing is a 100% solution except for tearing down your web site completely. So I realize in using that word, that what I am really doing is deterring really really really well. That said, whatever I've done has worked for me.

    My aversion at discussing this (see removed post above) stems from a post some time ago I made on here when I was looking at renaming a file. I posted, asking where I might find a particular reference, explaining that I wanted to rename a file, and why. The answer from one of the more prolific posters here, (name withheld), was basically to not answer me -- instead they pointed me in the direction of a spam plugin. I was to say the least a little put off, as I had clearly stated my intention, and had not asked about using a spam plugin, where to get a spam plugin, etc..

    Some people like using plugins, that's fine. Some people choose to do things differently, that should be fine as well.

  21. neon
    Makes a lot of sense, doesn't it Whooami.
    I choose to use as few plug-ins as possible just to keep headache time to a minimum at some future date. Software, yes, even free software, is continuously evolving. There will always be upgrades. The one thing you can be sure of is that the last thing on the minds of the developers are the thousands of user-created plug-ins. All they are concerned with is their own software, its functionality, its security. And rightly so. They leave the plug-in compatibility issues to the creators of those plug-ins.

    Even with such an excellent support community as this, one will always run into a plug-in or three where, shortly after a main software upgrade, the plug-in creator is away for a little while, or for good. Sometimes others can step in and quickly rewrite the plug-in code to solve the compatibility issues. Other times, one may not be so lucky. Your only option then would be to remove that plug-in and try to remember what other files you changed to accommodate that plug-in. Yes, I know, plug-ins are a simple plug'n play function, but many of us do change other files to make them "look good", be it the stylesheet, or some other file.

    Moral of my story: I love plug-ins. I use plug-ins. But I keep them to an absolute minimum. I hate headaches.

    Thank you, to each and every one of you gifted coders. Keep plug-ing away! (yes, I know that last bit was cheesy :) )

  22. neon
    I have held off upgrading my blog. I plan to do so tomorrow (time permitting). If there are any changes in my spam, I will be sure to let you know. :)

    P.S. sorry about that long post up there. You know us bloggers, once we get going... ;)

  23. whooami
    In that thread is the email of the person, Shelly, that can tell you exactly which file you need to change, if you just want to do ONE critical file change. It's painless :)

  24. neon
    Whooami, you are also a mind reader I see. "Thank you" is an understatement, but you'll have to accept it anyway. Cheers :)

  25. dualravens
    whooami, thanks for the added note. I totally appreciate your non-plugin choice. I picked up on the .htaccess thing not too long ago and it did wonders. Your other suggestions will also be incorporated at some point. I'm slowly wading into the deep end of coding and such, still intimidated by a .php ending as opposed to a html.

    Plugins are a good way, I find, to get something done quick, while I work out how to get a more secure site. So I'm with you neon, I use a few, love what those few can do, but keep them to a minimum. And I echo the "coder" thanks. You all do wonderful work in keeping us regular folks online.

  26. coffeebabyyeah
    macmanx, you ought to be ashamed of yourself. I have to say that you're way out of line. You don't have any right to speak to someone on these forums in that manner. No right whatsoever.
    It's funny that so many threads are locked, moderated, or completely removed when lesser offensives than the blatant rudeness in this thread occur, and yet I see that Podz has posted, without comment.

    So Podz, old friend, you're equally at fault. You should have stepped in and didn't.

    I am a regular on these forums. I've read whooami's other posts. Like he said you may not agree with them, but he has as much a right to be vocal as anyone else, or not be, as was the case here. And he has never been as rude as macmanx was tonight. never. at least not in any of the posts I've read.

    I've taken a saved copy of this page and I will be emailing it to Matt. There's no excuse for this, none at all.

  27. NuclearMoose
    Some people do a lot of pissing and moaning, while others, like Podz and MacManX, bend over backwards to be helpful.

  28. coffeebabyyeah, the history between Whooami and I goes back further than you probably know. As for being out of line, I don't care. I'm tired of being "in line" in the face of those who have been out of line further than I have gone today.

    NuclearMoose, thank you. It's nice to hear something like that from someone whose opinion actually matters.

  29. Mark (podz)
    Support Maven
    And while I'm here .... Shelley did not reveal the file that is at risk. Someone else in this thread did. I certainly think that that particular fact should have remained under wraps until it was officially disclosed.

    And I will defend macmanx, as I would defend anyone who takes time to come back here and answer questions for others - often questions that have been repeated endlessly. Sure, no-one has to answer stuff, but it would be a poor excuse of a forum if no-one did. You can answer 100 questions and get a "Thanks !" for each one but 1 attack can - and does - undo all that.
    How questions are answered here matters to only 1 person - the one who asked. It doesn't matter what you think of the answer, only that the person who did not know the "how" now does.
    And if your question is not answered well enough, consider that it could be how you phrased it ? True, it might not, but we can't see all that you know and want to know just through text - everyone must know that text is sometimes crap for communicating.
    There is also the possibility that you may actually know more than most of us do, and that we are trying our best yet failing you.

    You may feel annoyed and exasperated when you post, then when you see the answer then when you post again (I certainly do in other forums) but you cannot know what the other person is doing / thinking and assumption is a very bad thing.

    Peace , love and harmony will never descend on these or any other forums, but please ...... can we chill a bit ?

  30. dualravens
    I installed the bad-behavior plugin, and I woke up to about 3 or 4 more of these kinds of links this morning. All WP, showing up in my webhost stats page, not anything to do with my WP admin. I'm still curious because this all started yesterday. I've fairly cut all spam links, comments, track-backs... but this seems to be a curious slipping through.

    I mean I guess it's fun getting random links to blogs completely unrelated to my own, but still... wondering if this points to something a wee bit different than anything around before.

